macOS workaround

Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru>
Evgeniy Kulikov 2020-12-14 00:18:13 +03:00 committed by Stanislav Bogatyrev
parent ffd549be4d
commit 5409d78e3c
2 changed files with 142 additions and 0 deletions

@ -38,6 +38,8 @@ $ make hosts
It's recommended to add `make hosts` output to your local `/etc/hosts` file. It's recommended to add `make hosts` output to your local `/etc/hosts` file.
For instructions on how to set up DevEnv on macOS, please refer [the
guide](docs/macOS.md) in `docs` directory.
## How it's organized ## How it's organized
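Review bot: The link target `docs/macOS.md` in the added sentence does not match the file this commit adds, which is listed as `docs/macos.md`; the link will not resolve wherever paths are compared case-sensitively. Make the two agree, either by renaming the file or by changing the link. In the same sentence, "please refer [the guide]" should read "please refer to [the guide]".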

docs/macos.md Normal file

@ -0,0 +1,140 @@
# Setting up DevEnv on macOS
## The Problem
Currently Docker for macOS has no support for network routing into the Host
Virtual Machine that is created using hyperkit. The reason for this is due to
the fact that the network interface options used to create the instance does not
create a bridge interface between the Physical Machine and the Host Virtual
Machine. To make matters worse, the arguments used to create the Host Virtual
Machine is hardcoded into the Docker for macOS binary with no means to configure
it.
## How to setup DevEnv on macOS
- Clone https://github.com/AlmirKadric-Published/docker-tuntap-osx
```sh
$ git clone git@github.com:AlmirKadric-Published/docker-tuntap-osx.git
```
- Install tuntap for macOS
```
$ brew tap caskroom/cask
$ brew cask install tuntap
```
- Restart macOS and allow tuntap kext in settings before
- Docker for macOS should be runned before
- Install docker-tuntap. This will automatically check if the currently
installed shim is the correct version and make a backup if necessary
```
$ ./sbin/docker_tap_install.sh
```
- After this you will need to bring up the network interfaces every time the
docker Host Virtual Machine is restarted
```
$ ./sbin/docker_tap_up.sh
```
- Bootup devenv
- See IPV4_PREFIX, for example, now it's
```
IPV4_PREFIX=192.168.130
```
- Add route to devenv (<IPV4_PREFIX>.0, for example IPV4_PREFIX=192.168.130)
```
$ sudo route add -net 192.168.130.0 -netmask 255.255.255.0 10.0.75.2
```
## How to uninstall
The uninstall script will simply revert the installer. Restoring the original
and removing the shim:
```
$ ./sbin/docker_tap_uninstall.sh
```
Remove route to devenv (<IPV4_PREFIX>.0, for example IPV4_PREFIX=192.168.130)
```
$ sudo route delete -net 192.168.130.0 -netmask 255.255.255.0 10.0.75.2
```
## Restart macOS or upgrade Docker for macoS
When you restart macOS or install new version of Docker, you should do next
steps:
- reinstall docker-tuntap forced
```
$ ./sbin/docker_tap_install.sh -f
```
- wait until docker will be restarted
- up tuntap interface
```
$ ./sbin/docker_tap_up.sh
```
- bootup devenv
- Add route to devenv (<IPV4_PREFIX>.0, for example IPV4_PREFIX=192.168.130)
```
$ sudo route add -net 192.168.130.0 -netmask 255.255.255.0 10.0.75.2
```
## How it works
This installer (`docker_tap_install.sh`) will move the original hyperkit binary
(`hyperkit.original`) inside the Docker for macOS application and places our shim
(`./sbin/docker.hyperkit.tuntap.sh`) in it's stead. This shim will then inject
the additional arguments required to attach a
[TunTap](http://tuntaposx.sourceforge.net/) interface into the Host Virtual
Machine, creating a bridge interface between the guest and the host (this is
essentially what hvint0 is on Docker for Windows).
From there the `up` script (`docker_tap_up.sh`) is used to bring the network
interface up on both the Physical Machine and the Host Virtual Machine. Unlike
the install script, which only needs to be run once, this `up` script must be
run for every restart of the Host Virtual Machine.
Once done, the IP address `10.0.75.2` can be used as a network routing gateway
to reach any containers within the Host Virtual Machine:
```
$ route add -net <IP RANGE> -netmask <IP MASK> 10.0.75.2
```
**Note:** Although as of docker-for-mac version `17.12.0` you do not need the
following, for prior versions you will need to setup IP Forwarding in the
iptables defintion on the Host Virtual Machine:
(This is not done by the helpers as this is not a OSX or tuntap specific issue.
You would need to do the same for Docker for Windows, as such it should be
handled outside the scope of this project.)
```
$ docker run --rm --privileged --pid=host debian nsenter -t 1 -m -u -n -i iptables -A FORWARD -i eth1 -j ACCEPT
```
**Note:** Although not required for docker-for-mac versions greater than
`17.12.0`, the above command can be replaced with the following if ever needed
and is tested to be working on Docker for Windwos as an alternative. This is in
case Docker for macOS changes something in future and this command ends up being a
necessity once again.
```
$ docker run --rm --privileged --pid=host docker4w/nsenter-dockerd /bin/sh -c 'iptables -A FORWARD -i eth1 -j ACCEPT'
```
## Dependencies
- [Docker for Mac](https://www.docker.com/docker-mac)
- [TunTap](http://tuntaposx.sourceforge.net/)
- [Docker TunTap](https://github.com/AlmirKadric-Published/docker-tuntap-osx)
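Review bot: The clone step at the top of "How to setup DevEnv on macOS" fetches docker-tuntap-osx with no tag or commit named, yet "How it works" says `docker_tap_install.sh` moves the original hyperkit binary aside and puts a shim in its place inside the Docker for macOS application, and the setup also asks the reader to allow the tuntap kext. Because the script rewrites a binary in an installed application, the guide should name the specific tag or commit that was reviewed and tested with DevEnv and tell the reader to check it out before running anything from `./sbin`. The same applies to the `debian` and `docker4w/nsenter-dockerd` images that are run with `--privileged --pid=host`: neither carries a tag or digest. Two smaller points: the steps "Restart macOS and allow tuntap kext in settings before" and "Docker for macOS should be runned before" do not say before what, so the ordering is ambiguous; and the `route add` and `route delete` commands hardcode `192.168.130.0` while the text says the value comes from `IPV4_PREFIX`, so either write them with the `<IPV4_PREFIX>.0` placeholder or state explicitly that the reader must substitute it.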